Dria

Swan
NFT, Hardhat
21,000 USDC
Submission Details
Severity: medium
Invalid

purchase would revert with some tokens

Summary

BuyerAgent::purchase would revert for tokens that implement blacklists.

Vulnerability Details

Some EIP-20 compliant tokens have blacklists. Note that a blacklist does not make a token "non-compliant": such tokens still follow the general guidelines, for example that transfer and transferFrom revert on failure. USDC and USDT are examples of tokens that implement blacklists.

This is even more dangerous in the current system because BuyerAgent::purchase executes the purchase of all assets at once: if even one transfer reverts, the whole transaction reverts, preventing the buyer from buying the rest of the assets.

```solidity
// excerpt from BuyerAgent::purchase
for (uint256 i = 0; i < assets.length; i++) {
    address asset = assets[i];

    // must not exceed the roundly buy-limit
    uint256 price = swan.getListingPrice(asset);
    spendings[round] += price;
    if (spendings[round] > amountPerRound) {
        revert BuyLimitExceeded(spendings[round], amountPerRound);
    }

    // add to inventory
    inventory[round].push(asset);

    // make the actual purchase
    swan.purchase(asset);
}
```

The consequences are:

  1. The buyer would not be able to buy any of the items offered to him for this round.

  2. All sellers would be harmed: they paid a fee to list their items, but because one of the chosen sellers is blacklisted, their items cannot be bought either.

Impact

Some rounds will finish with nothing bought and some tasks will not be completed. Sellers unrelated to the blacklisted address would also lose the fee they paid to list, and the buyer would not be able to claim his items.

Tools Used

Manual review.

Recommendations

Use pull over push, or just approve the seller for the tokens instead of transferring them.
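An added illustration of the pull-over-push recommendation, written for this report and not taken from the Swan codebase. It uses a simplified market in which an asset maps to a seller and a price (`list`, `listingSeller`, `listingPrice`, `owed` and the contract name are assumed placeholders): the push variant pays each seller inside the loop, so one refused transfer reverts the whole batch; the pull variant escrows the payment in the contract and lets each seller withdraw separately.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Assumed, simplified market (not Swan's code): an asset maps to a seller and a price.
contract PullPaymentMarket {
    using SafeERC20 for IERC20;
    IERC20 public immutable token;
    mapping(address => address) public listingSeller; // asset => seller
    mapping(address => uint256) public listingPrice;  // asset => price
    mapping(address => uint256) public owed;          // seller => claimable balance

    constructor(IERC20 token_) { token = token_; }

    function list(address asset, uint256 price) external {
        listingSeller[asset] = msg.sender;
        listingPrice[asset] = price;
    }

    // Push variant (the pattern the report describes): one transfer the token
    // refuses, e.g. to a blacklisted seller, reverts the whole batch.
    function purchasePush(address[] calldata assets) external {
        for (uint256 i = 0; i < assets.length; i++) {
            token.safeTransferFrom(msg.sender, listingSeller[assets[i]], listingPrice[assets[i]]);
        }
    }

    // Pull variant: the buyer pays the contract and the amount is credited to the
    // seller, so the loop never depends on whether the token will pay a given seller.
    function purchasePull(address[] calldata assets) external {
        for (uint256 i = 0; i < assets.length; i++) {
            address asset = assets[i];
            uint256 price = listingPrice[asset];
            token.safeTransferFrom(msg.sender, address(this), price);
            owed[listingSeller[asset]] += price;
        }
    }

    // Each seller withdraws separately; a blacklisted seller's claim reverts
    // without affecting the buyer or the other sellers.
    function claim() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // zero the balance before the external call
        token.safeTransfer(msg.sender, amount);
    }
}
```

The same separation applies if the buyer is the blacklisted party: the single `safeTransferFrom` from the buyer fails up front, before any listing state is touched.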

Updates

Lead Judging Commences

inallhonesty Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
